It's not hard to think of ways to outsmart Stingray-detector apps

A group of researchers from Oxford and TU Berlin will present their paper, "White-Stingray: Evaluating IMSI Catchers Detection Applications," at the Usenix Workshop on Offensive Technologies, demonstrating countermeasures that Stingray vendors could use to beat apps that detect Stingrays and other "cell-site simulators" (AKA IMSI catchers).

Stingrays, Dirtboxes and other IMSI catchers are fake cellular towers that trick phones into connecting to them, enabling attackers to identify people, break into their phones, and steal their data.

Free apps like SnoopSnitch, Cell Spy Catcher, GSM Spy Finder, Darshak, and AIMSICD detect common tactics used by IMSI catchers to alert users when their phones are being targeted.

The Oxford/TU Berlin team built an IMSI catcher from scratch that they called the "White Stingray," and used different -- but equally effective -- attacks on target phones that the apps couldn't detect.

One of the app creators says that the countermeasures are wholly theoretical and that his app will still reliably detect real-world cell-site simulators. Johns Hopkins security researcher Matt Green also points out that many cell-site simulators are operated by low-expertise local law enforcement, and that even if the companies behind the simulators update their products, the cops who use those products might not ever run the updates.

The team set up their makeshift stingray in a room-sized Faraday cage, to prevent it from accidentally intercepting the phone signals of anyone outside the room. Upon pitting each app against their surveillance tool, they found that each one looked for clues of only a few of the techniques a fake cell tower system might use to track or tap a phone. The apps could detect some hints that the phone was under stingray surveillance. They alerted the user, for instance, when White-Stingray downgraded the phone’s connection to a 2G signal to exploit the older protocol’s weaker security, as well as when it established a connection between the "cell tower" and the phone that lacked encryption. They could also tell when the stingray sent “silent” text messages, which ping the phone to determine its presence without displaying anything to the user, and that the fake tower didn’t exist on previous cell tower maps.

But the researchers simply switched to other methods that only a subset—or in some cases none—of the apps could detect. The White-Stingray used a different command to downgrade the phone's connection to 2G, which neither triggered the detection apps nor appeared on the phone's interface. Rather than send a silent text message, it would make a silent call that connected to the target phone, determine its IMSI, and hang up before the phone rang. It surveyed nearby cell towers, and then imitated their configurations to avoid looking 'new'. And it also deployed another trick that the apps didn't try to detect: It prompted the phone to transmit a list of all the other nearby towers, and the strength of each tower's signal, allowing a snoop to triangulate the phone's exact location. "They don't try to identify this method at all," Borgaonkar says of that last technique.
